-/* $OpenBSD: ssh.c,v 1.578 2022/10/13 09:09:28 jsg Exp $ */
+/* $OpenBSD: ssh.c,v 1.579 2022/10/24 22:43:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
resolve_host(const char *name, int port, int logerr, char *cname, size_t clen)
{
char strport[NI_MAXSERV];
+ const char *errstr = NULL;
struct addrinfo hints, *res;
int gaierr;
LogLevel loglevel = SYSLOG_LEVEL_DEBUG1;
return NULL;
}
if (cname != NULL && res->ai_canonname != NULL) {
- if (strlcpy(cname, res->ai_canonname, clen) >= clen) {
+ if (!valid_domain(res->ai_canonname, 0, &errstr)) {
+ error("ignoring bad CNAME \"%s\" for host \"%s\": %s",
+ res->ai_canonname, name, errstr);
+ } else if (strlcpy(cname, res->ai_canonname, clen) >= clen) {
error_f("host \"%s\" cname \"%s\" too long (max %lu)",
name, res->ai_canonname, (u_long)clen);
if (clen > 0)
-/* $OpenBSD: sshconnect.c,v 1.358 2022/08/26 08:16:27 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.359 2022/10/24 22:43:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
char *ip = NULL, *host = NULL;
char hostline[1000], *hostp, *fp, *ra;
char msg[1024];
- const char *type, *fail_reason;
+ const char *type, *fail_reason = NULL;
const struct hostkey_entry *host_found = NULL, *ip_found = NULL;
int len, cancelled_forwarding = 0, confirmed;
int local = sockaddr_is_local(hostaddr);
(host_found != NULL && host_found->note != 0)))
readonly = RDONLY;
+ /* Don't ever try to write an invalid name to a known hosts file */
+ if (!valid_domain(hostname, 0, &fail_reason)) {
+ debug_f("invalid hostname \"%s\"; will not record: %s",
+ hostname, fail_reason);
+ readonly = RDONLY;
+ }
+
/*
* Also perform check for the ip address, skip the check if we are
* localhost, looking for a certificate, or the hostname was an ip
projects / openbsd / commitdiff